package com.example.demo.config;

import com.example.demo.filter.CaptchaFilter;
import com.example.demo.handler.AppLogoutSuccessHandler;
import com.example.demo.handler.MyAuthenticationFailureHandler;
import com.example.demo.handler.MyAuthenticationSuccessHandler;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;

/**
 * @author hejinghang
 * @date 2025/3/4 14:05
 */
@EnableMethodSecurity
@Configuration
public class SecurityConfig {
    @Resource
    private AppLogoutSuccessHandler appLogoutSuccessHandler;
    @Resource
    private MyAuthenticationFailureHandler myAuthenticationFailureHandler;
    @Resource
    private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Resource
    private CaptchaFilter captchaFilter;
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
       UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource= new UrlBasedCorsConfigurationSource();
       CorsConfiguration corsConfiguration = new CorsConfiguration();
       corsConfiguration.setAllowedOrigins(Arrays.asList("*"));
       corsConfiguration.setAllowedMethods(Arrays.asList("*"));
       corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
       urlBasedCorsConfigurationSource.registerCorsConfiguration("/**",corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, CorsConfigurationSource corsConfigurationSource) throws Exception {
        return httpSecurity
                .formLogin((formLogin)->{
                    formLogin.loginProcessingUrl("/user/login")
                            .successHandler(myAuthenticationSuccessHandler)
                            .failureHandler(myAuthenticationFailureHandler)
                    ;
                })
                .logout((logout)->{
                    logout.logoutUrl("/user/logout")
                            .logoutSuccessHandler(appLogoutSuccessHandler);
                })
                .authorizeHttpRequests((authorizeHttpRequests)->{
                    authorizeHttpRequests
                            .anyRequest().authenticated();
                })
                .csrf(AbstractHttpConfigurer::disable)

                .cors((cors)->{
                    cors.configurationSource(corsConfigurationSource);
                })
                .sessionManagement((sessionManagement)->{
                    sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
                })

                .build();
    }
}
